Science academies from the G-7 nations today issued three statements recommending that their governments take urgent action to build a net-zero emissions, climate-resilient future, reverse global declines in biodiversity, and improve data-sharing for future health emergencies.

In an interview, NAE President John Anderson discusses the national and global transition to net-zero carbon emissions and how engineers — and NAE in particular — can support that shift. Energy Transitions is the theme of NAE’s annual meeting this year, taking place Oct. 2-3.

Energy Secretary Jennifer M. Granholm and Transportation Secretary Pete Buttigieg took the stage at the 2023 annual meeting of the Transportation Research Board to discuss the federal government’s plan to reach “net-zero” carbon emissions in the U.S. transportation sector by 2050.

Attackers abusing the EvilVideo vulnerability could share malicious Android payloads via Telegram channels, groups, and chats, all while making them appear as legitimate multimedia files

The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year

NZMP, Fonterra’s dairy ingredient and solutions brand, has launched a new carbonzero certified Organic Butter to the North American market.

General Mills' Fiber One, the brand known for macro-friendly bars and brownies, has released its latest innovation to help consumers stay on track: Fiber One Donuts.

Mission Foods has released Zero Net Carbs tortillas in two flavors: Original and Sundried Tomato Basil.

Company also releases Nutri-Ricas Carb Watch tortillas with new Salsa Roja flavor.

The training facility, designed for the plumbing industry, will generate all energy required to support the operation of the building on site through the incorporation of several renewable energy technologies.

The state-of-the-art facility houses IAPMO R&T’s Oceana research center and product testing laboratory.

Matt Millard, owner of Performance Mechanical in Edgartown, Massachusetts, loves to experiment with new technologies. Recently, Millard wanted to step up to hydronic radiant heating for his own home addition using an air-to-water heat pump.

For decades, Janet Armstrong and Lloyd Davies have lived and breathed the sustainable lifestyle. Their way of life has ties to the example set by Janet’s father, who built the first solar house in Vancouver, British Columbia, Canada, way back in 1978.

Nixie introduced its new Organic Zero Sugar Soda line with the launch of three varieties: Classic Cola, Root Beer and Ginger Ale.  

Two Roads Brewing Co. unveiled the latest addition to its line of non-alcohol beers: Road 2 Ruin Zero Non-Alcoholic IPA.

Anheuser-Busch, St. Louis, announced the introduction of Michelob ULTRA Zero, a new alcohol-free brew. With only 29 calories, it is an alcohol-free beer that is brewed to remove alcohol with a 0% alcohol by volume.

BODYARMOR unveiled BODYARMOR ZERO SUGAR, the brand’s first zero sugar sports drink.

DripDrop announced the launch of three new offerings for its Zero Sugar lineup: Zero Sugar Peach, Zero Sugar Watermelon, and a four-flavor Zero Sugar Variety Pack.

POWERADE announced the addition of two new flavors to its sports drink portfolio: Island Burst and Strawberry Smash Zero.

Tropicana launched Tropicana Zero Sugar, a guilt-free juice within the Premium Tropicana Drinks assortment with zero sugar and no artificial sweetener ingredients.

Ocean Spray Cranberries Inc., the agricultural cooperative owned by roughly 700 farmer families, announced the launch of Ocean Spray Zero Sugar Juice Drink, the first beverage from Ocean Spray with zero grams of sugar and no artificial sweeteners.

Sanpellegrino Italian Sparkling Drinks announced the expansion of its beverage collection with the launch of Sanpellegrino Zero Grams Added Sugar.

Welch’s Zero Sugar hits shelves on Sept. 1. The juice line is available in two refrigerated flavors ― Passion Fruit and Grape ―as well as three shelf-stable flavors ― Tropical Punch, Strawberry and Concord Grape ― in multi-serve and single-serve formats. 

The IntuitiveLabs Monitoring as a cloud service, enables securing VoIP services using a sophisticated AI-based monitoring and Fraud detection solution and still comply to GDPR.

Dr. Jessica and Brian Caruso's Wellness Center Offers a Comprehensive Plant-Based Experience, Showcasing a Vegan Market, Eco-Friendly Boutique, Plant-Based Apothecary, Healing Chiropractic Energy Treatments, and Mind-Body Classes.

Decorzero has redefined the world of home decor with its exquisite collection of handcrafted metal wall decor, sculpture decor, and animal decor.

Zero Leakage DRAM Cell

Bluetooth-less Touch Technology. Ultralight Portable Monitor. Support all HDMI devices and Samsung DeX/Mac/PC/Android/Nintendo Switch/PS/Xbox/TV box. Lossless quality, ZERO-lag wirelessHD touchscreen

Event to Include 5K and 1 Mile Routes

Collaboration Set to Elevate Leadership Opportunities and Foster Greater Impact in the Military Community

Punyam Academy introduces a cutting-edge online course to equip professionals with the skills needed to lead organizations toward achieving net zero emissions and advancing global sustainability goals.

Did life once exist on Mars, and if so, where will we find it? This is what a recent study published in AGU Advances hopes to address as a team of several

Organizer: British Columbia Institute of Technology
Location: Online

Open Source MANO Release NINE fulfils ETSI's zero-touch automation vision, ready for MEC and O-RAN use cases

Sophia Antipolis, 18 December 2020

ETSI is pleased to announce the launch of OSM Release NINE today. With an array of new features, this Release completes the alignment process with ETSI NFV specifications, culminating in native adoption of ETSI GS NFV-SOL006 for network functions and service modelling. Standardizing the onboarding process for VNFs into OSM fosters interoperability and boosts the growth of OSM’s VNF ecosystem. Release NINE coincides with the announcement of a new production deployment, confirming OSM as the most comprehensive open-source NFV orchestrator and a key enabler for zero-touch end-to-end network and service automation.

Read More...

Sophia Antipolis, 5 October 2023

ETSI is pleased to announce the extension of its Zero touch network and Service Management group (ISG ZSM) for an additional 2 year-period.

Read More...

Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a zero-day vulnerability in Fortinet’s FortiManager.

FAQ

What is FortiJump?

FortiJump is a name given to a zero-day vulnerability in the FortiGate-FortiManager (FGFM) protocol in Fortinet’s FortiManager and FortiManager Cloud. It was named by security researcher Kevin Beaumont in a blog post on October 22. Beaumont also created a logo for FortiJump.

What are the vulnerabilities associated with FortiJump?

On October 23, Fortinet published an advisory (FG-IR-24-423) for FortiJump, assigning a CVE identifier for the flaw.

What is CVE-2024-47575?

CVE-2024-47575 is a missing authentication vulnerability in the FortiGate to FortiManager (FGFM) daemon (fgfmsd) in FortiManager and FortiManager Cloud.

How severe is CVE-2024-47575?

Exploitation of FortiJump could allow an unauthenticated, remote attacker using a valid FortiGate certificate to register unauthorized devices in FortiManager. Successful exploitation would grant the attacker the ability to view and modify files, such as configuration files, to obtain sensitive information, as well as the ability to manage other devices.

Obtaining a certificate from a FortiGate device is relatively easy:

Comment
by from discussion
infortinet

According to results from Shodan, there are nearly 60,000 FortiManager devices that are internet-facing, including over 13,000 in the United States, over 5,800 in China, nearly 3,000 in Brazil and 2,300 in India:

When was FortiJump first disclosed?

There were reports on Reddit that Fortinet proactively notified customers using FortiManager about the flaw ahead of the release of patches, though some customers say they never received any notifications. Beaumont posted a warning to Mastodon on October 13:

Post by @GossiTheDog@cyberplace.social

View on Mastodon

Was this exploited as a zero-day?

Yes, according to both Beaumont and Fortinet, FortiJump has been exploited in the wild as a zero-day. Additionally, Google Mandiant published a blog post on October 23 highlighting its collaborative investigation with Fortinet into the “mass exploitation” of this zero-day vulnerability. According to Google Mandiant, they’ve discovered over 50 plus “potentially compromised FortiManager devices in various industries.”

Which threat actors are exploiting FortiJump?

Google Mandiant attributed exploitation activity to a new threat cluster called UNC5820, adding that the cluster has been observed exploiting the flaw since “as early as June 27, 2024.”

Is there a proof-of-concept (PoC) available for this vulnerability/these vulnerabilities?

As of October 23, there are no public proof-of-concept exploits available for FortiJump.

Are patches or mitigations available for FortiJump?

The following table contains a list of affected products, versions and fixed versions.

Fortinet’s advisory provides workarounds for specific impacted versions if patching is not feasible. These include blocking unknown devices from attempting to register to FortiManager, creating IP allow lists of approved FortiGate devices that can connect to FortiManager and the creation of custom certificates. Generally speaking, it is advised to ensure FGFM is not internet-facing.

Has Tenable released any product coverage for these vulnerabilities?

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2024-47575 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

Get more information

• Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
• FortiGuard Labs PSIRT FG-IR-24-423 Advisory

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.

Dive into six things that are top of mind for the week ending Nov. 1.

1 - Securing OT/ICS in critical infrastructure with zero trust

As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles.

That’s the key message of the Cloud Security Alliance’s “Zero Trust Guidance for Critical Infrastructure,” which focuses on applying zero trust methods to OT and industrial control system (ICS) systems.

While OT/ICS environments were historically air gapped, that’s rarely the case anymore. “Modern systems are often interconnected via embedded wireless access, cloud and other internet-connected services, and software-as-a-service (SaaS) applications,” reads the 64-page white paper, which was published this week.

The CSA hopes the document will help cybersecurity teams and OT/ICS operators enhance the way they communicate and collaborate.

Among the topics covered are:

• Critical infrastructure’s unique threat vectors
• The convergence of IT/OT with digital transformation
• Architecture and technology differences between OT and IT

The guide also outlines this five-step process for implementing zero trust in OT/ICS environments:

• Define the surface to be protected
• Map operational flows
• Build a zero trust architecture
• Draft a zero trust policy
• Monitor and maintain the environment

A zero trust strategy boosts the security of critical OT/ICS systems by helping teams “keep pace with rapid technological advancements and the evolving threat landscape,” Jennifer Minella, the paper’s lead author, said in a statement.

To get more details, read:

• The report’s announcement “New Paper from Cloud Security Alliance Examines Considerations and Application of Zero Trust Principles for Critical Infrastructure”
• The full report “Zero Trust Guidance for Critical Infrastructure”
• A complementary slide presentation

For more information about OT systems cybersecurity, check out these Tenable resources: 

• “What is operational technology (OT)?” (guide)
• “Discover, Measure, and Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments” (on-demand webinar)
• “How To Secure All of Your Assets - IT, OT and IoT - With an Exposure Management Platform” (blog)
• “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk” (white paper)
• “Tenable Cloud Risk Report 2024” (white paper)

2 - Five Eyes publish cyber guidance for tech startups

Startup tech companies can be attractive targets for hackers, especially if they have weak cybersecurity and valuable intellectual property (IP).

To help startups prevent cyberattacks, the Five Eyes countries this week published cybersecurity guides tailored for these companies and their investors.

“This guidance is designed to help tech startups protect their innovation, reputation, and growth, while also helping tech investors fortify their portfolio companies against security risks," Mike Casey, U.S. National Counterintelligence and Security Center Director, said in a statement.

These are the top five cybersecurity recommendations from Australia, Canada, New Zealand, the U.S. and the U.K. for tech startups:

• Be aware of threat vectors, including malicious insiders, insecure IT and supply chain risk.
• Identify your most critical assets and conduct a risk assessment to pinpoint vulnerabilities.
• Build security into your products by managing intellectual assets and IP; monitoring who has access to sensitive information; and ensuring this information’s protection.
• Conduct due diligence when choosing partners and make sure they’re equipped to protect the data you share with them.
• Before you expand abroad, prepare and become informed about these new markets by, for example, understanding local laws in areas such as IP protection and data protection.

“Sophisticated nation-state adversaries, like China, are working hard to steal the intellectual property held by some of our countries’ most innovative and exciting startups,” Ken McCallum, Director General of the U.K.’s MI5, said in a statement.

To get more details, check out these Five Eyes’ cybersecurity resources for tech startups:

• The announcement “Five Eyes Launch Shared Security Advice Campaign for Tech Startups”
• The main guides: 
  • “Secure Innovation: Security Advice for Emerging Technology Companies”
  • “Secure Innovation: Security Advice for Emerging Technology Investors”
• These complementary documents:
  • “Secure Innovation: Scenarios and Mitigations”
  • “Secure Innovation: Travel Security Guidance”
  • “Secure Innovation: Due Diligence Guidance”
  • “Secure Innovation: Companies Summary”

3 - Survey: Unapproved AI use impacting data governance

Employees’ use of unauthorized AI tools is creating compliance issues in a majority of organizations. Specifically, it makes it harder to control data governance and compliance, according to almost 60% of organizations surveyed by market researcher Vanson Bourne.

“Amid all the investment and adoption enthusiasm, many organisations are struggling for control and visibility over its use,” reads the firm’s “AI Barometer: October 2024” publication. Vanson Bourne polls 100 IT and business executives each month about their AI investment plans.

To what extent do you think the unsanctioned use of AI tools is impacting your organisation's ability to maintain control over data governance and compliance?

^{(Source: Vanson Bourne’s “AI Barometer: October 2024”)}

Close to half of organizations surveyed (44%) believe that at least 10% of their employees are using unapproved AI tools.

On a related front, organizations are also grappling with the issue of software vendors that unilaterally and silently add AI features to their products, especially to their SaaS applications.

While surveyed organizations say they’re reaping advantages from their AI usage, “such benefits are dependent on IT teams having the tools to address the control and visibility challenges they face,” the publication reads.

For more information about the use of unapproved AI tools, an issue also known as “shadow AI,” check out:

• “Do You Think You Have No AI Exposures? Think Again” (Tenable)
• “Shadow AI poses new generation of threats to enterprise IT” (TechTarget)
• “10 ways to prevent shadow AI disaster” (CIO)
• “Never Trust User Inputs -- And AI Isn't an Exception: A Security-First Approach” (Tenable)
• “Shadow AI in the ‘dark corners’ of work is becoming a big problem for companies” (CNBC)

VIDEO

Shadow AI Risks in Your Company

4 - NCSC explains nuances of multi-factor authentication

Multi-factor authentication (MFA) comes in a variety of flavors, and understanding the differences is critical for choosing the right option for each use case in your organization.

To help cybersecurity teams better understand the different MFA types and their pluses and minuses, the U.K. National Cyber Security Centre (NCSC) has updated its MFA guidance.

“The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA,” reads an NCSC blog.

In other words, what type of MFA method to use depends on people’s roles, how they work, the devices they use, the applications or services they’re accessing and so on.

Topics covered include:

• Recommended types of MFA, such as FIDO2 credentials, app-based and hardware-based code generators and message-based methods
• The importance of using strong MFA to secure users’ access to sensitive data
• The role of trusted devices in boosting and simplifying MFA
• Bad practices that weaken MFA’s effectiveness, such as:
  • Retaining weaker, password-only authentication protocols for legacy services
  • Excluding certain accounts from MFA requirements because their users, usually high-ranking officials, find MFA inconvenient

To get more details, read:

• The NCSC blog “Not all types of MFA are created equal”
• The NCSC guide “Multi-factor authentication for your corporate online services”

For more information about MFA:

• “Multifactor Authentication Cheat Sheet” (OWASP)
• “Deploying Multi Factor Authentication – The What, How, and Why” (SANS Institute)
• “How MFA gets hacked — and strategies to prevent it” (CSO)
• “How Multifactor Authentication Supports Growth for Businesses Focused on Zero Trust” (BizTech)
• “What is multi-factor authentication?” (TechTarget)

5 - U.S. gov’t outlines AI strategy, ties it to national security 

The White House has laid out its expectations for how the federal government ought to promote the development of AI in order to safeguard U.S. national security.

In the country’s first-ever National Security Memorandum (NSM) on AI, the Biden administration said the federal government must accomplish the following:

• Ensure the U.S. is the leader in the development of safe, secure and trustworthy AI
• Leverage advanced AI technologies to boost national security
• Advance global AI consensus and governance

“The NSM’s fundamental premise is that advances at the frontier of AI will have significant implications for national security and foreign policy in the near future,” reads a White House statement.

The NSM’s directives to federal agencies include:

• Help improve the security of chips and support the development of powerful supercomputers to be used by AI systems.
• Help AI developers protect their work against foreign spies by providing them with cybersecurity and counterintelligence information.
• Collaborate with international partners to create a governance framework for using AI in a way that is ethical, responsible and respects human rights. 

The White House also published a complementary document titled “Framework To Advance AI Governance and Risk Management in National Security,” which adds implementation details and guidance for the NSM.

6 - State CISOs on the frontlines of AI security

As the cybersecurity risks and benefits of AI multiply, most U.S. state CISOs find themselves at the center of their governments' efforts to craft AI security strategies and policies.

That’s according to the “2024 Deloitte-NASCIO Cybersecurity Study,” which surveyed CISOs from all 50 states and the District of Columbia.

Specifically, 88% of state CISOs reported being involved in the development of a generative AI strategy, while 96% are involved with creating a generative AI security policy.

However, their involvement in AI cybersecurity matters isn’t necessarily making them optimistic about their states’ ability to fend off AI-boosted attacks.

None said they feel “extremely confident” that their state can prevent AI-boosted attacks, while only 10% reported feeling “very confident.” The majority (43%) said they feel “somewhat confident” while the rest said they are either “not very confident” or “not confident at all.”

Naturally, most state CISOs see AI-enabled cyberthreats as significant, with 71% categorizing them as either “very high threat” (18%) or “somewhat high threat” (53%).

At the same time, state CISOs see the potential for AI to help their cybersecurity efforts, as 41% are already using generative AI for cybersecurity, and another 43% have plans to do so by mid-2025.

Other findings from the "2024 Deloitte-NASCIO Cybersecurity Study" include:

• 4 in 10 state CISOs feel their budget is insufficient.
• Almost half of respondents rank cybersecurity staffing as one of the top challenges.
• In the past two years, 23 states have hired new CISOs, as the median tenure of a state CISO has dropped to 23 months, down from 30 months in 2022.
• More state CISOs are taking on privacy protection duties — 86% are responsible for privacy protection, up from 60% two years ago.

For more information about CISO trends:

• “What’s important to CISOs in 2024” (PwC)
• “The CISO’s Tightrope: Balancing Security, Business, and Legal Risks in 2024” (The National CIO Review)
• “State of CISO Leadership: 2024” (SC World)
• “4 Trends That Will Define the CISO's Role in 2024” (SANS Institute)

Fighting climate change is a big, messy task that will take a lot of work. This hour, TED's Science Curator David Biello joins Manoush to share some promising and fascinating solutions.

Learn more about sponsor message choices: podcastchoices.com/adchoices

NPR Privacy Policy

It’s time to end zero-tolerance policies in schools, which disproportionately harm Black students with ADHD and other disabilities, and place them at increased risk for getting sucked into the school-to-prison pipeline.

Plant engineers and quality departments often struggle with zero point drift during air leak testing, where the initial zero reading shifts over time, leading to frequent adjustments of the leak test instrument. This article addresses the causes of zero drift, commonly attributed to changes in shop floor temperature, and provides strategies to minimize or eliminate this issue for improved efficiency in quality control processes.

Leak testing is an important quality control measure in manufacturing. This article provides guidance on determining leak testing specifications by exploring factors and modifying existing specifications or creating new ones.

With the rapid expansion of data centers driven by AI, cloud computing, and gaming, the demand for sustainable HVAC systems has never been higher — see what HVAC contractors can do to help curb energy consumption. 

Transcend Communities are net zero, all-electric, healthy, resilient, connected, solar-powered, and cost-effective homes located in mixed-use communities — and an in-floor radiant system that will heat and cool both air and water is pivotal to this.

The DCC boiler eliminates greenhouse gas emissions, providing a clean and eco-friendly source of steam for various industries and applications, Jericho Energy Ventures said.

The home now has a 3.9 kW solar array that offsets nearly 100% of the System M and grid power supplied from the clean-sourced ConEd program — meaning that the house has zero emission heating, cooling, and hot water.

PulteGroup Inc. announced it has completed construction of its zero net energy (ZNE) home prototype in Northern California. The new Pulte home, which is designed to generate as much energy as it uses, will be monitored for 12 months to evaluate its performance and identify opportunities for future enhancements.

The proposed new approach to chilled water HVAC systems promises to provide significant capital cost savings, energy cost savings, and a path to eliminate CO₂ emissions.

This Michigan home is proof that even when achieving high-level green building standards, more can be done to improve sustainability.